The new checks are actually sufficient but not enough for Coverity
Scan. Now that fwd->sock_count and new->last are affected or supplied
by clients, we need explicit (albeit redundant) checks on them.
Signed-off-by: Stefano Brivio
---
fwd_rule.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fwd_rule.c b/fwd_rule.c
index b55e4df..03e8e80 100644
--- a/fwd_rule.c
+++ b/fwd_rule.c
@@ -271,13 +271,22 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new)
warn("Too many rules (maximum %d)", ARRAY_SIZE(fwd->rules));
return -ENOSPC;
}
+
if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) {
warn("Rules require too many listening sockets (maximum %d)",
ARRAY_SIZE(fwd->socks));
return -ENOSPC;
}
+ /* Redundant, to make static checkers happy */
+ if (fwd->sock_count > ARRAY_SIZE(fwd->socks))
+ return -ENOSPC;
fwd->rulesocks[fwd->count] = &fwd->socks[fwd->sock_count];
+
+ /* Redundant ('num' checked above), but not for static checkers */
+ if (new->last > ARRAY_SIZE(fwd->socks) + new->first)
+ return -ENOSPC;
+
for (port = new->first; port <= new->last; port++)
fwd->rulesocks[fwd->count][port - new->first] = -1;
--
2.43.0